Apple has revealed a bug bounty program that is offering up to $1 million to anyone who successfully hacks the secure Private Cloud Compute system that supports its Apple Intelligence features.
It comes as Apple Intelligence is about to launch on iPhones next week with the arrival of its major point upgrade iOS 18.1. This will include iPhone AI features for the first time, such as enhancements to its voice assistant Siri.
Compared to other smartphone manufacturers in the Google Android ecosystem, including Samsung, which provide so-called “hybrid AI,” Apple is said to provide the most private and secure AI alternative. This is because the iPhone manufacturer uses Apple Intelligence to process as much data as possible on the device.
Apple’s Private Cloud Compute (PCC) uses servers built on Apple’s own silicon to process more complicated queries. PCC is “the most advanced security architecture ever deployed for cloud AI compute at scale,” according to Apple, and it is constructed using proprietary Apple silicon and a privacy-focused operating system.
Apple also has a good deal of confidence in PCC’s security. When it introduced PCC, Apple stated that it would give security researchers the opportunity to identify weaknesses in its private cloud platform.
“In the weeks after we announced Apple Intelligence and PCC, we provided third-party auditors and select security researchers early access to the resources we created to enable this inspection, including the PCC Virtual Research Environment,” Apple explained in a new blog titled Security research on Private Cloud Compute.
Apple released resources for all security and privacy researchers, or “anyone with interest and a technical curiosity to find holes in the platform,” on October 24.
According to the company, the aim is “to gain a better understanding of PCC and conduct their own independent verification of our claims.”
Meanwhile, PCC will be included in the Apple Security Bounty, which offers “significant rewards” for reports of problems with Apple’s safety or privacy claims.
Apple’s $1 million bug bounty
The bug bounty offered by Apple for PCC is quite substantial. It is offering $1 million for arbitrary code execution defects that are considered serious holes, which it defines as permitting “remote attack on request data.” A still very sizable $250,000 reward is available for gaining access to a user’s request data or private information outside the trust boundary.
Apple is giving $150,000 for flaws that provide access to a user’s request data or other sensitive information about the user outside the trust boundary in attacks that require a “privileged position,” that is, access to someone’s iPhone.
“Because we care deeply about any compromise to user privacy or security, we will consider any security issue that has a significant impact to PCC for an Apple Security Bounty reward, even if it doesn’t match a published category,” Apple said.
It added that it will “evaluate every report according to the quality of what’s presented, the proof of what can be exploited and the impact to users.”
Security researchers interested in the program can visit the Apple Security Bounty page to learn more and to submit their research.
Article Link: https://www.forbes.com